CVE request: Unbound

[Florian Weimer <fw () deneb enyo de>]

Unbound before 1.3.4 does not check the signatures on NSEC3 records
under unspecified conditions, enabling attackers who can perform DNS
spoofing to downgrade existing secure delegations to insecure status,
which then can be targeted in further spoofing attacks.

<http://unbound.net/pipermail/unbound-users/2009-October/000852.html>

(Older versions, back to 1.0.x, are also affected.)